Identity and Access Management: Access Management Survey 1




The Identity and Access Management (IAM) Technical Architect Group (TAG) was formed by Kevin Morooney, the vice provost for information technology at Penn State, in July 2009. The primary responsibilities for this group are to gather stakeholder requirements, turn these requirements into technical requirements documents, design, architect and prototype solutions, and support integration and implementation, as outlined in the IAM Final Report and Recommendations.

As an IAM stakeholder, you are critically important to the development of a successful IAM implementation at Penn State. As such, we would like to ask for your assistance with defining the requirements for Access Management, as outlined in Strategic Recommendations 4 and 7 of the IAM Final Report and Recommendations. For additional details on Access Management, refer to the Access Management Overview available in the Resources section of the IAM Community site.

The IAM TAG team has developed a survey to solicit your input for Access Management. Please take a moment to complete the survey. Feel free to skip any question you are unable to answer. Likewise, we invite other staff within your area who may have valuable insights into the challenges related to IAM. Please have those staff members contact iam@psu.edu to partake in the survey.

As you complete the survey, you may encounter use cases that you feel are relevant. A use case is a situation or scenario whose consideration could help define the Access Management requirements. Please include these use cases along with the responses to the survey. For your reference, we have examples of IAM use cases available on the IAM Community Site.

One of the core concepts of Identity and Access Management is the management of access rights to resources (content/services): ensuring they are appropriately and efficiently granted, auditable, and updated or removed when circumstances change.

The purpose of this survey is to solicit your input on several aspects of access management. The areas are:

- access control via groups, roles and/or attributes
- policy engine - access control via business rules
- compliance - auditing, reporting and/or monitoring activities to meet regulatory requirements
- use case - describe challenges that are not addressed by the current survey offering

If you are interested in taking the survey, please submit a request to iam@psu.edu. Shortly after your request is received, an invitation to take the survey will be sent to you. Survey responses must be submitted by Friday May 14, 2010.

Group Access

Currently groups can be used to control access to content, services and other resources. In this case a group is a collection of people that exists in the Penn State Directory, which is based on the Lightweight Directory Access Protocol (LDAP).

Class Groups - A class group contains all of the students registered for a particular course, location and section. The information for a course group is based on student enrollment activity in the Integrated Student Information System (ISIS). A group is created for each course, location and section. When a student adds a course, he/she is added to the group. Conversely, when a student drops a course, he/she is removed from the group. The instructor(s) of record for the course are also members of the group and have administrative rights to add/remove users manually via the User Managed Group (UMG) interface, https://umg.its.psu.edu/. The UMG interface allows users to create and manage groups of users, as well as restrict access to a number of Web-based services to the members of a group.

Standing Groups - A standing group is based on data that is provided from IBIS (Integrated Business Information System); its membership is updated daily. Some examples include:

- psu.facstaff - contains all full-time Penn State faculty and staff at all campus locations
- staff.up.cis - all ITS employees
- psu.up.faculty - all faculty members at University Park
- psu.up.staff - all staff members at University Park
- all of the other campus locations have two groups like the UP ones

User Managed Groups - Groups that can be managed by users, via the UMG site located at https://umg.its.psu.edu/.

Examples of content/service are:

- Content - Web-based content located in one's Penn State Access Account Storage Space (PASS); via https://protected.personal.psu.edu/ an individual can control who has access to content stored in his/her PASS.
- Service - The ITS Downloads site, https://downloads.its.psu.edu/, which uses groups to control access to downloads that are only available to Penn State faculty and staff.

The IAM TAG is investigating solutions to enhance the existing functionality provided by groups. What are some of your requirements and/or enhancement requests for utilizing groups in your application(s)?

Roles

Roles are used to group University members together and specify access restrictions via attributes. Some examples are:

- Financial Roles - Currently, financial roles are used within Penn State's Workflow application to control access and determine the routing of forms within the system. Workflow is Penn State's Web-based hosting system for University academic, administrative, and financial management processes, specifically pertaining to review/approval needs. An example of a financial role is the financial officer role. This role has a defined set of attributes that determine the characteristics of the role. An example of a form within Workflow is the Termination (TRMN) form.
- Academic Roles - This role permits review/approval of Undergraduate Education Travel Request (UGTR) and Sabbatical Request for Leave (SABB) forms via Workflow.
- Human Resource Roles - This role permits review/approval of Termination forms in Workflow.
- Notification Roles - This role is used by Penn State's Housing and Foods (HFS) to, for example, notify users about purchases made via ebuy.

The IAM TAG is currently investigating solutions to enhance the existing functionality. What are some of your requirements and/or enhancement requests for utilizing roles in your application?

Attributes

An attribute is a name/value pair that exists in the Penn State Directory. An example is the common name (cn) attribute: it has a name, cn, and can have multiple values. Attributes can be either single-valued or multi-valued. A single-valued attribute can hold only one value; an example is the displayname attribute. A multi-valued attribute can hold multiple values; an example is the cn attribute mentioned above. Some other examples of attributes are:

- Person's Affiliation
- Department
- Administrative Area

The IAM TAG is currently investigating solutions to enhance the existing functionality. What are some of your requirements and/or enhancement requests for utilizing attributes in your application?

Central Access Management Services

Currently there is not a consistent central mechanism by which users may access groups, roles and/or attributes that reside in Penn State's Directory. In most cases, one typically needs to either develop the software or purchase a solution in order to interface with the Directory. If such a central mechanism can be developed, what are your requirements for it? (For example, Web-based services/applications in your area that would need to rely on such a mechanism.)

Compliance

Ensuring that only authorized users are granted access to content/services for which they have been granted access is an important aspect of access management. Several key components are:

- reporting mechanisms for displaying authorized users and their privileges
- auditing of the addition/deletion of users and/or privileges
- monitoring access to content/services

What are your requirements for auditing, reporting and/or compliance monitoring related to access services?

Central Policy Engine

A policy engine provides centralization of access controls based on business rules. This service separates the business rules from the application code, providing consistent policies across the organization, easy maintenance of the business rules, and auditing/monitoring of all changes. An example is controlling access to a document so that only faculty in a particular department are granted access. The central policy engine could have a rule that checks whether a person meets the requirements for access and returns, via a service, a yes/no as to whether or not the person may have access.

If a central policy engine could be developed that would allow you to apply business rules to control access to content/services, what are some of your requirements for such a service?
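As an added example (not code from the survey or from Penn State's own systems), the following Python sketch models the central policy engine described above together with the single-/multi-valued attribute handling from the Attributes section: rules live in the engine, an application receives a yes/no, and every decision is recorded for the auditing and reporting the Compliance section asks about. The group and attribute names are the survey's; the uids, attribute values, resource name and rule name are assumptions.

```python
# Added example, not code from the survey or from Penn State's IAM systems. It models the
# central policy engine described above: business rules live in the engine rather than in
# the application, an application asks whether a person may access a resource and gets a
# yes/no back, and every decision is recorded for auditing. Group names and attribute names
# come from the survey; all uids, values, resource names and rule names are constructed.
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Subject:
    uid: str
    attributes: dict  # directory style: single-valued -> str, multi-valued -> list of str
    groups: set       # names of directory groups the person belongs to

def attr_values(subject, name):
    # Normalise single- and multi-valued attributes to a set so rules can test membership
    value = subject.attributes.get(name)
    if value is None:
        return set()
    return {value} if isinstance(value, str) else set(value)

class PolicyEngine:
    def __init__(self):
        self.rules = {}      # resource -> list of (rule name, predicate over a Subject)
        self.audit_log = []  # one record per decision, for reporting and monitoring

    def add_rule(self, resource, name, predicate):
        self.rules.setdefault(resource, []).append((name, predicate))

    def check(self, subject, resource):
        # First matching rule grants access; with no matching rule the answer is no
        allowed, rule = False, "default-deny"
        for name, predicate in self.rules.get(resource, []):
            if predicate(subject):
                allowed, rule = True, name
                break
        self.audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                               "uid": subject.uid, "resource": resource,
                               "allowed": allowed, "rule": rule})
        return allowed, rule

def build_engine():
    # The survey's example rule: only faculty in one department may read a document
    engine = PolicyEngine()
    engine.add_rule("doc:dept-budget-memo", "faculty-in-cs",
                    lambda s: "psu.up.faculty" in s.groups
                    and "Computer Science" in attr_values(s, "department"))
    return engine

# Constructed sample directory entries (not real people); cn is multi-valued, displayname single
FACULTY_CS = Subject("abc123", {"cn": ["Ada Example", "A. Example"], "displayname": "Ada Example",
                                "department": "Computer Science"}, {"psu.facstaff", "psu.up.faculty"})
STAFF_CS = Subject("def456", {"cn": ["Bob Sample"], "displayname": "Bob Sample",
                              "department": "Computer Science"}, {"psu.facstaff", "psu.up.staff"})
```

Because the application only ever sees the yes/no, changing who may read the document means editing one rule in the engine, and the audit log shows every grant and denial without touching application code.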

Priorities

Rank by importance the features you would like to see implemented, or select the features you would like to have implemented.

1. A group is a collection of people, which can be used to control access to content, services and resources.
2. A role is used to group University members together and specify access restrictions.
3. An attribute is a name/value pair that can be used to control access to content, services and resources.
4. Central Access Management Services is a consistent, central mechanism used to access groups, roles and/or attributes.
5. Compliance is ensuring that only authorized users are granted access to content/services for which they have been granted access.
6. A central policy engine provides centralization of access controls based on business rules.

Please number each box in order of preference from 1 (most important) to 6 (least important):

- Groups
- Roles
- Attributes
- Central Access Management Services
- Compliance
- Central Policy Engine
- Other (list here)

Administrative Data Access

Integrated Student Information System (ISIS) is the centralized student system that manages records for all Penn State students at all Penn State locations. Integrated Business Information System (IBIS) is the electronic business system that manages financial and human resources data. Two-factor authentication is required to access either system.

Do you have any recommendations for improving the process for granting access to higher risk services and/or protected data? Some examples include:

- IBIS
- ISIS

NOTE: Please answer this question based on the current functions of your job. For example:

- Data Steward - an administrator or designee who is responsible for Computerized Institutional Data
- Access and Security Representative (ASR) - an individual, usually an administrator of a major University office (e.g., college or campus) or designee, who coordinates requests from administrators, faculty and staff within the unit for access to: University Institutional Computer and Network Resources; specific production capabilities; Computerized Institutional Data; and system development, processing and communications tools
- End-User - any individual who uses University Computer and Network Resources

Additional Information - Use Cases

Do you control access to content or services via a method that is not acknowledged in the groups, roles and/or attributes questions? If so, please provide a brief description of how you control access.

Do you have additional comments and/or use cases (examples of problems)?